gatherup

SUSPICIOUS: the skill is mostly coherent with its stated GatherUp integration purpose and uses an official npm-distributed CLI, so it does not look overtly malicious. However, all authentication and API traffic are funneled through Membrane as an intermediary, creating meaningful third-party data-handling and credential-trust risk that is higher than a direct GatherUp integration.